wo-smtpclient - npm Package Compare versions

Comparing version 0.3.6 to 0.3.7

package.json

 {
   "name": "wo-smtpclient",
-  "version": "0.3.6",
+  "version": "0.3.7",
   "homepage": "https://github.com/whiteout-io/smtpclient",
@@ -21,3 +21,3 @@ "description": "SMTP Client allows you to connect to and stream data to a SMTP server in the browser.",
   "dependencies": {
-    "tcp-socket": "~0.3.0",
+    "tcp-socket": "~0.3.4",
     "wo-stringencoding": "~0.1.1",
@@ -24,0 +24,0 @@ "axe-logger": "~0.0.2"

README.md

@@ -59,3 +59,3 @@ # SMTP Client
 
-  * **useSSL** *Boolean* Set to true, to use encrypted connection
+  * **useSecureTransport** *Boolean* Set to true, to use encrypted connection
   * **name** *String* Client hostname for introducing itself to the server
@@ -69,2 +69,3 @@ * **auth** *Object* Authentication options. Depends on the preferred authentication method
   * **logLength** *Number* How many messages between the client and the server to log. Set to false to disable logging. Defaults to 6
+  * **ignoreTLS** – if set to true, do not issue STARTTLS even if the server supports it
 
@@ -71,0 +72,0 @@ ### XOAUTH2

src/smtpclient.js

@@ -151,4 +151,3 @@ // Copyright (c) 2013 Andris Reinman
         /**
-         * If STARTTLS support lands in TCPSocket, _secureMode can be set to
-         * true, once the connection is upgraded
+         * Indicates if the connection is secured or plaintext
          */
@@ -215,7 +214,2 @@ this._secureMode = !!this.options.useSecureTransport;
         this.socket = this._TCPSocket.open(this.host, this.port, {
-            /*
-                I wanted to use "string" at first but realized that if a
-                STARTTLS would have to be implemented not in the socket level
-                in the future, then the stream must be binary
-            */
             binaryType: 'arraybuffer',
@@ -622,2 +616,9 @@ useSecureTransport: this._secureMode,
 
+        // Detect if the server supports STARTTLS
+        if (!this._secureMode && command.line.match(/[ \-]STARTTLS\s?$/mi) && !this.options.ignoreTLS) {
+            this._currentAction = this._actionSTARTTLS;
+            this._sendCommand('STARTTLS');
+            return;
+        }
+
         this._authenticateUser.call(this);
@@ -627,2 +628,25 @@ };
     /**
+     * Handles server response for STARTTLS command. If there's an error
+     * try HELO instead, otherwise initiate TLS upgrade. If the upgrade
+     * succeedes restart the EHLO
+     *
+     * @param {String} str Message from the server
+     */
+    SmtpClient.prototype._actionSTARTTLS = function(command) {
+        if (!command.success) {
+            // Try HELO instead
+            this._currentAction = this._actionHELO;
+            this._sendCommand('HELO ' + this.options.name);
+            return;
+        }
+
+        this._secureMode = true;
+        this.socket.upgradeToSecure();
+
+        // restart protocol flow
+        this._currentAction = this._actionEHLO;
+        this._sendCommand('EHLO ' + this.options.name);
+    };
+
+    /**
      * Response to HELO
@@ -629,0 +653,0 @@ *

test/integration/smtpclient-test.js

@@ -10,2 +10,5 @@ 'use strict';
 describe('smtpclient node integration tests', function() {
+
+    process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
+
     var smtp, port = 10001,
@@ -178,3 +181,3 @@ server;
             secureConnection: false,
-            ignoreTLS: true,
+            ignoreTLS: false,
             authMethods: ["PLAIN", "LOGIN", "XOAUTH2"]
@@ -181,0 +184,0 @@ };

test/unit/smtpclient-test.js

@@ -39,2 +39,3 @@ 'use strict';
             TCPSocket.prototype.send = function() {};
+            TCPSocket.prototype.upgradeToSecure = function() {};
 
@@ -416,2 +417,17 @@ socketStub = sinon.createStubInstance(TCPSocket);
             });
+
+            it('should proceed to starttls', function() {
+                var _sendCommandStub = sinon.stub(smtp, '_sendCommand');
+
+                smtp._secureMode = false;
+                smtp._actionEHLO({
+                    success: true,
+                    line: '250-STARTTLS'
+                });
+
+                expect(_sendCommandStub.withArgs('STARTTLS').callCount).to.equal(1);
+
+                expect(smtp._currentAction).to.equal(smtp._actionSTARTTLS);
+                _sendCommandStub.restore();
+            });
         });
@@ -433,2 +449,20 @@
 
+        describe('#_actionSTARTTLS', function() {
+            it('should upgrade connection', function() {
+                var _sendCommandStub = sinon.stub(smtp, '_sendCommand');
+
+                smtp.options.name = 'abc';
+                smtp._actionSTARTTLS({
+                    success: true,
+                    line: '220 Ready to start TLS'
+                });
+
+                expect(smtp.socket.upgradeToSecure.callCount).to.equal(1);
+                expect(_sendCommandStub.withArgs('EHLO abc').callCount).to.equal(1);
+                expect(smtp._currentAction).to.equal(smtp._actionEHLO);
+
+                _sendCommandStub.restore();
+            });
+        });
+
         describe('#_actionAUTH_LOGIN_USER', function() {
@@ -435,0 +469,0 @@ it('should emit error on invalid input', function() {

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

108097

increased by2.03%

Lines of code

2253

increased by2.13%

Number of lines in readme file

223

increased by0.45%

Worsened metrics

Number of low supply chain risk alerts

5

increased by25%

Dependency changes

• Updatedtcp-socket@~0.3.4